Commit message | Author | Age | ||
---|---|---|---|---|
* | QUIC: fix dissection of Initial packets coalesced with 0-RTT one (#1044) | Ivan Nardi | 2020-11-03 | |
| | | | | | * QUIC: fix dissection of Initial packets coalesced with 0-RTT one * QUIC: fix a memory leak | |||
* | Fix for detecting numeric IPs | Luca Deri | 2020-11-01 | |
| | ||||
* | Added boundary check | Luca Deri | 2020-10-27 | |
| | ||||
* | Improve skype detection (#1039) | Igor Duarte | 2020-10-27 | |
| | | | | | | | * Add new skype pcap PCAP extracted from SkypeIRC.cap (available in https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SkypeIRC.cap) * Improve skype detection | |||
* | Added -D flag for detecting DoH in the wild | Luca Deri | 2020-10-26 | |
| | | | | Removed heuristic from CiscoVPN as it leads to false positives | |||
* | Various improvements when using ndpi_pref_enable_tls_block_dissection: | Luca Deri | 2020-10-24 | |
| | | | | | | application data TLS blocks are now ignored when exchanged before - the end of certificate negotiation (up to TLS 1.2) - change cipher | |||
* | Added CPHA - CheckPoint High Availability Protocol support | Luca Deri | 2020-10-22 | |
| | ||||
* | Fixes #1033 | Luca Deri | 2020-10-21 | |
| | ||||
* | Added fix for invalid SNI check when SNI is missing | Luca Deri | 2020-10-02 | |
| | ||||
* | QUIC: fix dissection of "offset" field (#1025) | Ivan Nardi | 2020-09-29 | |
| | | | | | | | The "offset" field is a variable-length integer. This bug hasn't any practical effects right now, since we are ignoring any packet with "offset" != 0 (and the value 0 is always encoded in only one byte). But extracting a correct "offset" is important if we are ever going to handle fragmented Client Hello messages. | |||
* | Added extra boundary checks | Luca Deri | 2020-09-26 | |
| | ||||
* | Boundary fix | Luca Deri | 2020-09-25 | |
| | ||||
* | Various optimizations to reduce not-necessary calls | Luca Deri | 2020-09-24 | |
| | | | | | Optimized various UDP dissectors. Removed dead protocols such as pando and pplive. | |||
* | Improved boundary check to prevent overflow | Luca Deri | 2020-09-23 | |
| | ||||
* | Minor UA handling improvement to avoid heap-overflow | Luca Deri | 2020-09-22 | |
| | ||||
* | Minor change for alignment issue | Luca Deri | 2020-09-21 | |
| | ||||
* | Added risks for checking | Luca Deri | 2020-09-21 | |
| | | | | | - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension | |||
* | Merge pull request #1019 from IvanNardi/quic_fb | Luca Deri | 2020-09-20 | |
|\ | | | | | QUIC: add support for MVFST EXPERIMENTAL version | |||
| * | QUIC: add support for MVFST EXPERIMENTAL version | Nardi Ivan | 2020-09-20 | |
| | | ||||
* | | Merge pull request #1017 from lnslbrty/fix/mingw-xcompile | Luca Deri | 2020-09-20 | |
|\ \ | |/ |/| | Added support for mingw xcompile. | |||
| * | Fixed shlib xcompile for x86_64-w64-mingw32 | Toni Uhlig | 2020-09-08 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Reworked MDNS dissector that is not based on the DNS dissector | Luca Deri | 2020-09-17 | |
| | | ||||
* | | Merge pull request #1012 from IvanNardi/ua | Luca Deri | 2020-09-17 | |
|\ \ | | | | | | | QUIC: extract User Agent information | |||
| * | | TLS: fix memory accesses in QUIC transport parameters extension | Nardi Ivan | 2020-09-10 | |
| | | | ||||
| * | | QUIC: extract User Agent information | Nardi Ivan | 2020-09-08 | |
| | | | ||||
| * | | http: create a common function to parse User Agent field | Nardi Ivan | 2020-09-08 | |
| | | | | | | | | | | | | Prepare the code to handle UA information from flows other than HTTP | |||
* | | | Disabled QUIC tracing that pollutes the output | Luca Deri | 2020-09-17 | |
| | | | ||||
* | | | Added boundary check | Luca Deri | 2020-09-10 | |
| | | | ||||
* | | | Merge pull request #1014 from lnslbrty/improved/teamspeak | Luca Deri | 2020-09-09 | |
|\ \ \ | | | | | | | | | Improved Teamspeak(3) protocol detection. | |||
| * | | | Improved Teamspeak(3) protocol detection. | Toni Uhlig | 2020-09-09 | |
| |/ / | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* / / | Added extension to detect nested subdomains as used in Browsertunnel attack tool | Luca Deri | 2020-09-09 | |
|/ / | | | | | | | https://github.com/veggiedefender/browsertunnel | |||
* / | Improved dnscrypt v1/v2 protocol detection. | Toni Uhlig | 2020-09-06 | |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed off-by-one error in Kerberos protocol. | Toni Uhlig | 2020-09-02 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed false positive detection for Skype.SkypeCall (affects at least Cisco HSRP and RADIUS). | Toni Uhlig | 2020-09-02 | |
| | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added boundary check | Luca Deri | 2020-09-01 | |
| | ||||
* | Added (optional) notifier for LRU add | Luca Deri | 2020-08-31 | |
| | ||||
* | QUIC: add support for GQUIC T050 and T051 | Nardi Ivan | 2020-08-30 | |
| | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol. | |||
* | Improved ntop detection over HTTP | Luca Deri | 2020-08-30 | |
| | | | | Added cap on number of attempts for CiscoVPN | |||
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 | |
| | | | | Optimized stddev calculation | |||
* | Merge pull request #996 from lnslbrty/fix/travis-ci | Luca Deri | 2020-08-28 | |
|\ | | | | | Fix travis-ci related errors. | |||
| * | Fixed use-of-uninitialized-value in QUIC clho decryption probably caused by a BUG in libgcrypt (not verified). | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Moved NDPI_CURRENT_PROTO define before ndpi_api.h include to prevent a redefinition warning. | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Passes method_len param to ndpi_http_str2method | Simone Mainardi | 2020-08-27 | |
| | | ||||
* | | Added ndpi_http_method ndpi_http_str2method(const char* method) API call | Luca Deri | 2020-08-26 | |
|/ | ||||
* | QUIC: minor fixes | Nardi Ivan | 2020-08-24 | |
| | | | | | | LGTM found a real issue on a boundary check. Fix unit tests: a pcap has been uploaded twice (with different names). Fix compilation when using DPDK (see #990). | |||
* | Created IoT-Scada category | Luca Deri | 2020-08-23 | |
| | | | | Minor dnp3 changes | |||
* | Warning fix | Luca Deri | 2020-08-22 | |
| | ||||
* | Add sub-classification for GQUIC >= Q050 and (IETF-)QUIC | Nardi Ivan | 2020-08-21 | |
| | | | | | | | | | | | Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted. | |||
* | Update TLS dissector to handle QUIC flows | Nardi Ivan | 2020-08-21 | |
| | | | | | | | Latest QUIC versions use TLS for the encryption layer: reuse existing code to allow Client Hello parsing and sub-classification based on SNI value. Side effect: we might have JA3C, TLS negotiated version, SNI value and supported cipher list for QUIC, too. | |||
* | Major rework of QUIC dissector | Nardi Ivan | 2020-08-21 | |
| | | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC. Still no sub-classification for Q050 and QUIC. |